When adding non-MSI applications through Win32 in endpoint, it will ask you to enter an install and uninstall argument. Depending on the application, this can be difficult in creating these arguments and may require some research and troubleshooting.
For example, Adobe Reader’s install argument is the following:
- AcroRdrDC1900820071_en_US.exe /sAll /rs /rps /msi /norestart /quiet EULA_ACCEPT=YES
- Install Adobe Reader DC using Win32 deployment and Microsoft Intune (allthingscloud.blog)
Finding a product’s GUID may prove difficult. You can find a product’s GUID within the below registry edits:
- (64-bit apps) HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
- (32-bit apps) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
For example, the install string would be what you place into the uninstall argument into Intune:
This can prove time-consuming and unconventional at times.
This is where ‘Winget’ comes in.
‘The winget command line tool enables users to discover, install, upgrade, remove and configure applications on Windows 10 and Windows 11 computers. This tool is the client interface to the Windows Package Manager service.’
‘Winget is included in Windows 10 Version 1709 and later and all versions of Windows 11 as the App Installer. If you’re running an earlier version of Windows 10, visit the winget home page at GitHub’
You can simply install applications via the command:
- winget install IDNAME
For example:
Winget searched for IDs relating to ‘steam’ and gave me a list of similar applications. To install the application, I would execute:
- winget install Value.Steam
The above is a very basic example but we can utilize this for Intune applications.
If you take a look at the above screenshot, you will see a column named ‘Source’. Now if the source of the application is on the ‘msstore’ (Microsoft Store) then we can the application through ‘Microsoft Store App (New)’ in Intune:
You can then search for the application you want. I am going to use ‘Bitwarden’ for this example.
After selecting your application, you will be presented with the same settings to configure as with other Win32 applications.
Set your assignments and create! – This removes the need of converting applications to Intune file types.
But what if the application is not in the Microsoft Store within Intune?
We can still use the functionality of Winget to grab the ID and install the application for targeted users and devices.
We can create two PowerShell Scripts and convert them into one .Intune file that we can utilize to install and uninstall any application available in Winget. We can pass a parameter through the Install and Uninstall Arguments in Intune to the script to determine the application ID. This would be added as a normal win32 application.
Note: The below screenshots show an older version of my Winget Scripts. These screenshots show the principle of how we can utilize Winget.
Below contains a screenshot of WingetInstall.ps1
Note: ‘–exact’ is needed to prevent Winget selecting an application with a similar name if the parameters are wrong.
WingetUninstall.ps1 is essentially the same but with the core Winget arguments changed:
Note: ‘–accept-package-agreements’ is not needed for the uninstall script
You can convert multiple files in a Source folder into a .Intunewin file type.
Have WingetInstall.ps1 and WingetUninstall.ps1 within the same folder.
Run IntuneWinAppUtil as Administrator:
Select the install PowerShell script as the setup folder. It will still include WingetUninstall.ps1 as it is within the same Source Folder.
You can find IDs for applications that you want to use through:
‘winget search’ For example:
The install and uninstall arguments would be:
- powershell.exe -ExecutionPolicy Bypass -File .\WingetInstall.ps1 -WingetPackageID “ENTER-ID”
- powershell.exe -ExecutionPolicy Bypass -File .\WingetUninstall.ps1 -WingetPackageID ” ENTER-ID””
You need to specify the package ID in your install and uninstall arguments, so it is passed through to the PowerShell scripts.
This means I can import the same .Intunewin file for every application I want to add. All I need to do is change the parameters within the install/uninstall arguments to pick which application that I want installed.
Things to be aware off:
- There will be applications where their install locations are within User folders such as APPDATA instead of System folders such as Program Data. For example: Telegram. This means you need to select ‘Install Behaviour’ as User. Applications that install with the ‘User’ behaviour will take a little longer to be pushed through Intune. Especially after being just assigned.
- Some applications in the Microsoft Windows Store may not appear in Intune when adding a Microsoft Store Application. For example, if the application is a paid for application or age restricted on the store.
- If the application has a MSI installer, then I would suggest installing the application through MSI instead of Winget. This may be considered the easier approach.
- Intune may call 32-bit Powershell when trying to execute your install arguments therefore breaking your application installations. You can overcome this by using the below:
- “%systemroot%\sysnative\WindowsPowerShell\v1.0\powershell.exe”
- Example: “%systemroot%\sysnative\WindowsPowerShell\v1.0\powershell.exe” -ExecutionPolicy Bypass -File .\WingetInstall.ps1 -WingetPackageID “ENTERID”
- You can also add the ‘-NoProfile’ CMDLET to start a Powershell session without loading the user profile. This can be useful in scenarios where you want to start Powershell quickly without any customizations or when you suspect that your profile script may be causing issues.
- Winget is not installed as a default application package on a fresh Windows Install. When the device first synchronizes with the Microsoft Store or performs Windows updates, Winget will be installed. From testing, it often installs an older version of winget (V1.2) but then will get updated through Windows Updates.
- Winget needs to be up to date on user’s devices before Winget associated applications are deployed to the device. This is because later version introduce newer commands.
- Not all applications are available through Winget. This Command-Line helps to remove any difficulty deploying applications. It is primary mainstream applications that can be installed via Winget.
- Keep in mind that most applications are deployed to the Winget Repository via the Community and are often out of date or note working.
References:
- https://learn.microsoft.com/en-us/windows/package-manager/winget/
- Install Adobe Reader DC using Win32 deployment and Microsoft Intune (allthingscloud.blog)
- Updates to Windows App Management in Intune with Winget – YouTube
- Use Winget with Intune – NielsKok.Tech
- Deploy New Microsoft Store Apps Type From Intune With Winget HTMD Blog (anoopcnair.com)
- Debugging and troubleshooting issues with the winget tool | Microsoft Learn
- public/Uninstall.ps1 at main · Ruthhl3ss/public · GitHub
- Winget: The best way to keep Windows apps updated | Computerworld
- GitHub – Romanitho/Winget-Install: Powershell scripts for Winget with SCCM/Intune
- GitHub – Romanitho/WingetIntunePackager: Intune Winget app packager
- GitHub – Romanitho/Winget-AutoUpdate: WAU daily updates apps as system and notify connected users. (Allowlist and Blocklist support)
- GitHub – Romanitho/Winget-Install-GUI: WiGui is a tool to search, select and install Apps at once with Winget package manager
- https://www.youtube.com/watch?v=QtftJQn9WYQ&t=118s (Very detailed video describing Winget provided by Microsoft on their Microsoft Mechanics YouTube Channel)